CVE-2024-28139 Privilege escalation through sudo misconfiguration

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future...

K000148897: Sudo vulnerability CVE-2019-19232

Security Advisory Description In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because...

vCenter Sudo Privilege Escalation

VMware vCenter Server use exploit/linux/local/vcentersudolpe msf exploitvcentersudolpe show targets ...targets... msf exploitvcentersudolpe set TARGET msf exploitvcentersudolpe show options ...show and set options... msf exploitvcentersudolpe exploit This module requires Metasploit:...

Advisory ROSA-SA-2024-2536

software: re2c 3.1 AXIS: ROSA-CHROME packageevrstring: re2c-3.1-1 CVE-ID: CVE-2022-23901 BDU-ID: None CVE-Crit: CRITICAL. CVE-DESC.: The re2c 2.2 stack overflow is due to infinite recursion issues in src/dfa/deadrules.cc. CVE-STATUS: Fixed CVE-REV: To close, run the command: sudo dnf update re2c...

Advisory ROSA-SA-2024-2535

software: cacti 1.2.25 AXIS: ROSA-CHROME packageevrstring: cacti-1.2.25-2 CVE-ID: CVE-2023-46490 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...

CVE-2024-9875

Okta Privileged Access server agent SFTD versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent SFTD to version 1.87.1 or greater...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156-without-ip-command fork of worawit/CVE-2021-315...

K000148482: Sudo vulnerability CVE-2019-19234

Security Advisory Description In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

CVE-2024-48073

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which...

CVE-2024-48073

Summary: CVE-2024-48073 affects sunniwell HT3300 prior to 1.0.0.B022.2. The /usr/local/bin/update updater runs with sudo NOPASSWD and is vulnerable to a command injection, enabling an attacker to pass commands via command line arguments to gain elevated root privileges. Impact: total compromise o...

CVE-2024-48073

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-2644)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-2678)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the system administration tool Sudo on Windows operating systems, which allows attackers to perform spoofing attacks

The vulnerability of the system administration tool Sudo in Windows operating systems is related to improper restrictions on communication channels for potential targets. Exploiting this vulnerability allows attackers to perform spoofing attacks...

Granular sudo Permissions for Management of Veeam Agent for Oracle Solaris

Purpose This article provides examples of granular 'sudo' configuration for the Linux account that will be used by Veeam Backup & Replication when managing Veeam Agent for Oracle Solaris deployments with a Protection Group. Solution The following granular sudo permissions were tested with Veeam...

Granular sudo Permissions for Management of Veeam Agent for IBM AIX

Purpose This article provides examples of granular 'sudo' configuration for the Linux account that will be used by Veeam Backup & Replication when managing Veeam Agent for IBM AIX deployments with a Protection Group. Solution The following granular sudo permissions were tested with Veeam Agent fo...

CVE-2024-43571

Sudo for Windows Spoofing Vulnerability...

CVE-2024-43571

Sudo for Windows Spoofing Vulnerability...

CVE-2024-43571

Technical details about CVE-2024-43571 are not publicly provided in the supplied documents. Monitor official advisories (MSRC/update guides) for affected products, impact, and fixes.

CVE-2024-43571 Sudo for Windows Spoofing Vulnerability

...